Ransomware

The Orleans Parish Sheriff's Office has been hit by a ransomware attack from international cybercrime group Qilin, who breached systems three weeks ago and are demanding payment. The hackers obtained 842 gigabytes of data including contracts, inmate documents, and expense records, though no sensitive information appears compromised.

The attack has disrupted the DocketMaster system that handles inmate transfers and releases, forcing families like one woman whose husband remains jailed despite paying bond to wait longer. "I have two sons, four and six years old. They miss their dad," she told local news.

Officials are using manual workarounds and refuse to pay the ransom. The malware reportedly came through email from another law enforcement agency.

Source: CBS News

A sophisticated ransomware attack hit Nevada's government systems Sunday, forcing all state offices to close and potentially compromising personal information. Gov. Joe Lombardo initially said no data was stolen, but officials revealed Wednesday that hackers may have accessed personal records during the breach.

The cyberattack immobilized essential services statewide. DMV offices remain closed, leaving residents unable to complete appointments. Law enforcement lost access to state records, and Nevada State Police dispatch lines went down temporarily, though 911 services stayed operational.

State officials are carefully rebuilding systems to ensure hackers are completely removed before reconnecting networks. The attack highlights growing threats to smaller government agencies nationwide.

Source: CBS News

Cybercriminals have discovered a clever way to weaponize AI tools against users. According to CloudSEK researchers, attackers hide malicious Windows commands in documents using invisible CSS tricks like white-on-white text and zero-width characters.

When AI summarization tools process this content, they get overwhelmed by repeated hidden instructions and include the malicious commands in their summaries. Users then see what appears to be legitimate advice but are actually being tricked into running ransomware.

This "ClickFix" attack turns helpful AI assistants into unwitting accomplices. The malicious content can spread through search engines, forums, and emails, making detection difficult.

Source: Cybernews

SonicWall has confirmed that recent ransomware attacks targeting its SSL VPN products weren't caused by a new zero-day vulnerability, but rather were the result of attackers exploiting the previously patched CVE-2024-40766 flaw. The attacks affected fewer than 40 customers and appear linked to legacy credentials left over during migrations from Generation 6 to Generation 7 firewalls.

Attackers exploited outdated or weak credentials that weren't updated during hardware upgrades. SonicWall is urging customers to immediately change their credentials and upgrade to SonicOS 7.3.0, which includes enhanced multi-factor authentication, login attempt lockouts, and stronger password policies to prevent future attacks.

Source: Cyber Security News

Kidney dialysis provider DaVita suffered a massive ransomware attack in April 2025 that compromised personal information of more than one million people. The Interlock ransomware gang accessed DaVita's dialysis labs database, stealing names, Social Security numbers, medical records, financial details, and even images of personal checks.

The breach affected both DaVita patients and individuals whose lab results were processed by DaVita Labs for other healthcare providers. DaVita has offered free credit monitoring and identity protection services to victims.

The attack cost DaVita $13.5 million in remediation expenses and disrupted patient care. This ranks as the seventh largest data breach of 2025 and highlights the growing threat ransomware poses to healthcare systems nationwide.

Source: SecurityWeek

Cybercriminals are deploying Interlock ransomware through a clever social engineering trick called ClickFix. Victims visit compromised websites that display fake error messages, prompting them to copy and run malicious PowerShell commands that appear to fix technical issues.

Active since September 2024, the ransomware has targeted organizations across North America and Europe using double extortion tactics. The malware fingerprints victim systems to identify high-value targets while avoiding security researchers. eSentire analysts discovered the sophisticated attack chain in July 2025, revealing multi-layered techniques involving PowerShell scripts and custom remote access tools.

Source: Cyber Security News

Cybercriminals behind Akira ransomware are exploiting SonicWall SSL VPN devices in what appears to be a zero-day attack, successfully breaching fully-patched systems. The attacks target organizations using SonicWall's VPN infrastructure, raising serious concerns about a previously unknown vulnerability.

Since the compromised devices were up-to-date with security patches, security experts suspect attackers discovered and weaponized a new flaw before SonicWall could address it. Organizations using SonicWall VPNs face immediate risk and should monitor their networks closely for suspicious activity while awaiting official patches.

Source: The Hacker News

A new wave of ransomware attacks may be exploiting an unknown zero-day vulnerability in SonicWall firewall devices, researchers warn. Arctic Wolf detected suspicious activity starting July 15, when hackers used VPN access through SonicWall SSL VPNs to launch intrusions the following week. The attackers deployed Akira ransomware in hands-on attacks after compromising the devices.

What's particularly concerning: hackers breached fully patched SonicWall systems with rotated credentials and even bypassed multi-factor authentication. This echoes similar attacks from 2024 targeting CVE-2024-40766. Arctic Wolf's investigation remains preliminary, but the pattern suggests a serious new threat to SonicWall users.

Source: Cybersecurity Dive

The Gunra ransomware group, which emerged in April targeting Windows systems, has released a sophisticated Linux variant capable of running 100 parallel encryption threads—double what most ransomware allows. This cross-platform expansion makes Gunra particularly dangerous, offering attackers unprecedented speed and flexibility in file encryption.

The group gained notoriety by allegedly leaking 40TB of hospital data in May and has since targeted victims across Brazil, Japan, Canada, Turkey, South Korea, Taiwan, and the US. Unlike its Windows version, the Linux variant skips ransom notes and focuses purely on rapid, configurable encryption. Trend Micro researchers warn organizations to monitor this fast-evolving threat closely.

Source: Dark Reading

Google researchers exposed UNC3944, a ransomware group targeting US retail, airline, and insurance companies through sophisticated phone scams. The hackers call IT help desks pretending to be employees, trick staff into resetting passwords, then use stolen credentials to access virtual server systems and deploy ransomware within hours.

Unlike typical cyberattacks, they don't use malware but manipulate legitimate administrative tools, making detection extremely difficult. The group's activity declined after 2024 law enforcement actions. But other ransomware groups are now copying these tactics, making this a growing threat requiring immediate defensive action.

Source: Industrial Cyber